We would like to place strictly necessary cookies and performance cookies on your computer to improve our website service.
To find out more about how we use cookies and how you can change your cookies settings, please read our  cookies statement.                
Otherwise, we'll assume you are OK to continue.   Please close this message

Federal Trade Commission to sue Wyndham for lax data security

28 April 2014

On 7 April 2014, a US Federal judge effectively gave a green light to the Federal Trade Commission (FTC) to prosecute data breaches where the loss arose from weak corporate data security.

Wyndham Worldwide was sued by the FTC in 2012 following a breach of information security when hackers stole sensitive personal data of customers from the servers of the hotel chain.

Although Wyndham claimed to have security in place and co-operated with the FTC following the data breach, the FTC alleged that Wyndham did not have adequate data security policies and procedures in place to prevent the cybercrime.

Notwithstanding that the hack was a crime in itself, it is clear that companies have to take responsibility for implementing adequate technical and organisational measures to prevent or at least minimise the risk of a data breach.

As FTC chairwoman Edith Ramirez has said, "Companies should take reasonable steps to secure sensitive customer information. When they do not, it is not only appropriate, but critical, that the FTC take action on behalf of consumers."

Businesses should expect this to be a cost of processing personal data - but who will ultimately bear that cost?

This article was written by Robert Bond.

For more information please contact Robert on +44 (0)20 7427 6660 or robert.bond@crsblaw.com.